Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2022
CVE-2020-28438
This affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js
CVSS Score
9.8
EPSS Score
0.001
Published
2022-07-25
CVE-2020-28441
This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context.
CVSS Score
7.3
EPSS Score
0.001
Published
2022-07-25
CVE-2020-28443
This affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-07-25
CVE-2020-28445
This affects all versions of package npm-help. The injection point is located in line 13 in index.js file in export.latestVersion() function.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-07-25
CVE-2020-28446
The package ntesseract before 0.2.9 are vulnerable to Command Injection via lib/tesseract.js.
CVSS Score
9.8
EPSS Score
0.043
Published
2022-07-25
CVE-2020-28447
This affects all versions of package xopen. The injection point is located in line 14 in index.js in the exported function xopen(filepath)
CVSS Score
9.8
EPSS Score
0.005
Published
2022-07-25
CVE-2020-28455
This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not escaped.
CVSS Score
7.3
EPSS Score
0.002
Published
2022-07-25
CVE-2020-28459
This affects all versions of package markdown-it-decorate. An attacker can add an event handler or use javascript:xxx for the link.
CVSS Score
7.3
EPSS Score
0.002
Published
2022-07-25
CVE-2020-28461
This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context.
CVSS Score
7.3
EPSS Score
0.005
Published
2022-07-25
CVE-2020-28462
This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context.
CVSS Score
7.3
EPSS Score
0.004
Published
2022-07-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved